5.1 Security Considerations for Implementers
SHA-1 hashing is not deprecated due to the backward compatibility consideration.
Any form of password authentication can be vulnerable to dictionary or brute-force password-guessing attacks. Proper throttling is to be considered by the implementers of the Peer-to-Peer Grouping Security Protocol.